Monday, May 28, 2012
Stuxnet, Duqu and Flame are all examples of cases where we - the antivirus industry - have failed.
Flame (aka Flamer aka Skywiper) is a massive, complex piece of malware, used for information gathering and espionage.

The malware was most likely created by a western intelligence agency or military. It has infected computers in Iran, Lebanon, Syria, Sudan and elsewhere.

There seems to be a clear difference in how online espionage is done from China and how it's done from the west. Chinese actors prefer attacks targeted via spoofed emails with booby-trapped documents attached. Western actors seem to avoid email and instead use USB sticks or targeted break-ins to gain access.

Worst part of Flame? It has been spreading for years.

Stuxnet, Duqu and Flame are all examples of cases where we - the antivirus industry - have failed. All of these cases were spreading undetected for extended periods of time.

More information from:
• Budapest University of Technology and Economics's Laboratory of Cryptography and System Security (CrySyS)
• Securelist (Kaspersky)
• Iran National CERT (MAHER)